Closed
Description
Before reporting an issue
- I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
account/api
Describe the bug
Starting in Keycloak 26.3.1, any call to `searchForUserStream()` in custom providers triggers a `NullPointerException: Null keys are not supported!` due to authorization filtering attempting to look up users with null IDs.
Environment
- Keycloak Version: 26.3.1, 26.3.2 (confirmed broken in both)
- Java Version: 21
- Database: PostgreSQL
Steps to Reproduce
- Create a custom `RealmResourceProvider`
- Call `userQueryProvider.searchForUserStream(realm, searchParams)` with any search parameters
- The call immediately fails
Version
26.3.2
Regression
- The issue is a regression
Expected behavior
`searchForUserStream()` should return users matching the search criteria without throwing exceptions
Actual behavior
Error details:
```
java.lang.NullPointerException: Null keys are not supported!
    at org.infinispan.commons.util.Util.checkNotNull(Util.java:136)
    at org.infinispan.cache.impl.CacheImpl.get(CacheImpl.java:401)
    at org.keycloak.models.cache.infinispan.UserCacheSession.getUserById(UserCacheSession.java:XXX)
    at org.keycloak.services.DefaultKeycloakContext.getUser(DefaultKeycloakContext.java:XXX)
    at org.keycloak.authorization.fgap.evaluation.partial.PartialEvaluator.getPredicates(PartialEvaluator.java:61)
    at org.keycloak.authorization.fgap.AdminPermissionsSchema.applyAuthorizationFilters(AdminPermissionsSchema.java:452)
```
How to Reproduce?
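```java
// This will fail in 26.3.1+
// (fragment from inside a resource method; needs java.util.Map, java.util.stream.Stream
// and org.keycloak.models.UserModel imported)
Stream<UserModel> users = session.users().searchForUserStream(realm, Map.of());
return Response.ok(users.count()).build();
```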
Anything else?
No response
StManolo
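
The reproduction steps from the report, assembled into one deployable provider. This is an added example, not code from the issue or from Keycloak; the package, class names and the provider id `user-count-repro` are assumptions.

```java
// Added reproducer, not code from the issue author or the Keycloak project.
// Assumed names: package example.repro, both class names, provider id "user-count-repro".
package example.repro;

import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import java.util.Map;
import java.util.stream.Stream;
import org.keycloak.Config;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.resource.RealmResourceProvider;
import org.keycloak.services.resource.RealmResourceProviderFactory;

// Register this class name in
// META-INF/services/org.keycloak.services.resource.RealmResourceProviderFactory
public class UserCountReproFactory implements RealmResourceProviderFactory {
    @Override public String getId() { return "user-count-repro"; }
    @Override public RealmResourceProvider create(KeycloakSession session) {
        return new UserCountResource(session);
    }
    @Override public void init(Config.Scope config) {}
    @Override public void postInit(KeycloakSessionFactory factory) {}
    @Override public void close() {}

    public static class UserCountResource implements RealmResourceProvider {
        private final KeycloakSession session;
        UserCountResource(KeycloakSession session) { this.session = session; }

        @Override public Object getResource() { return this; }
        @Override public void close() {}

        // Served under /realms/<realm>/user-count-repro/count.
        // The endpoint performs no authentication: deploy only to a disposable test instance.
        @GET @Path("count") @Produces(MediaType.APPLICATION_JSON)
        public Response count() {
            RealmModel realm = session.getContext().getRealm();
            // Same call as in the report; the stream is closed once counted.
            try (Stream<UserModel> users = session.users().searchForUserStream(realm, Map.of())) {
                return Response.ok(users.count()).build();
            }
        }
    }
}
```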